RedHat Security Advisory RHSA-2009:1287

The remote host is missing updates announced in advisory RHSA-2009:1287. OpenSSH is OpenBSD's SSH (Secure Shell) protocol implementation. These packages include the core files necessary for both the OpenSSH client and server. A flaw was found in the SSH protocol. An attacker able to perform a man-in-the-middle attack may be able to obtain a portion of plain text from an arbitrary ciphertext block when a CBC mode cipher was used to encrypt SSH communication. This update helps mitigate this attack: OpenSSH clients and servers now prefer CTR mode ciphers to CBC mode, and the OpenSSH server now reads SSH packets up to their full possible length when corruption is detected, rather than reporting errors early, reducing the possibility of successful plain text recovery. (CVE-2008-5161)
All OpenSSH users are advised to upgrade to these updated packages, which contain backported patches to resolve these issues and add these enhancements. After installing this update, the OpenSSH server daemon (sshd) will be restarted automatically. Please note that this update is available via Red Hat Network. To use Red Hat Network, launch the Red Hat Update Agent with the following command: up2date